By leveraging Myrmidon Defense Technology (MDT), Sevii enables cybersecurity teams to orchestrate autonomous AI agent swarms to hunt, isolate, and remediate threats at machine speed. This "AI fire with AI fire" approach addresses the critical shortage of security professionals while offering a fixed-cost model that eliminates the unpredictability of AI token consumption.

The post Sevii Adds Ability to Dynamically Deploy AI Agents to Combat Cyberattacks appeared first on Security Boulevard.

Vonage’s partnership with Girls Who Code is more than feel-good philanthropy; it’s a blueprint for building diverse AI talent pipelines.

The post Vonage, Girls Who Code Show What ‘Responsible AI’ Looks Like appeared first on TechRepublic.

Cybersecurity requires creativity and thinking outside the box. It’s why more organizations are looking at people with soft skills and coming from outside the tech industry to address the cyber skills gap. As the threat landscape becomes more complex and nation-state actors launch innovative cyberattacks against critical infrastructure, there is a need for cybersecurity professionals who can anticipate these attacks and develop creative preventive solutions.

Of course, a lot of cybersecurity work is mundane and repetitive — monitoring logs, sniffing out false positive alerts, etc. Artificial intelligence (AI) has been a boon in filling the talent gaps when it comes to these types of tasks. But AI has also proven useful for many of the same things that creative thought brings to the threat table, such as addressing more sophisticated threat actors, the rapid increase of data and the hybrid infrastructure.

However, many companies are seeing the value of AI, especially generative AI (gen AI), in handling a greater share of creative work — not just in cybersecurity but also in areas like marketing and public relations, writing and research. But are these organizations using AI in a way that could threaten the importance of human creativity in threat detection?

Why creativity is important to cybersecurity

The very simple reason why cybersecurity requires innovative people is that threat actors are already coming up with novel approaches to how to get into your system. Are they using gen AI to launch their attacks? You bet they are; phishing emails have never been more grammatically constructed or realistic. But before AI was available, threat actors were designing social engineering attacks that attracted clicks. Now, they have advanced beyond “how can we lure in victims” to “how can we get more out of a single attack after we lure in the victims.”

Creativity isn’t just coming up with new ideas. It is also the ability to see things through a big-picture lens and discern historical data or where to find information you might not know you need to look for. For example, creative thought is required for the following security tasks:

• Threat hunting or predicting a threat actor’s move or finding their tracks in a system
• Finding buried evidence in a forensic search
• Understanding historical data in anomaly detection
• Ability to tell a real email or document versus a well-designed phishing attack
• Verifying new zero day attacks and other malware variants found in otherwise unknown vulnerabilities

AI can augment human creativity, but gen AI gets a lot of things wrong. Users have found themselves in situations where AI claimed plagiarism on original work or AI hallucinations offered false information that nullified the research of human analysts. AI algorithms are also susceptible to bias that could lead to false positives.

Explore AI cybersecurity solutions

AI’s role in creative cybersecurity and beyond

While many creative people, cybersecurity professionals and beyond, see gen AI as a mixed blessing, many embrace the technology because it is a huge timesaver.

“Gen AI can help prototype much faster because the large language models can take over the refactoring and documentation of code,” wrote Aili McConnon in an IBM blog post. Also, the article pointed out, AI tools can help users create prototypes or visualize their ideas in minutes versus hours or days.

Creativity married to AI can help identify future leaders. According to research from IBM, two-thirds of company leaders found that AI is driving their growth, with four specific use cases — IT operations, user experience, virtual assistants and cybersecurity — most commonly favored by leaders.

“A Learner will typically copy predefined scenarios using out-of-the-box technologies,” Dr. Stephan Bloehdorn, Executive Partner and Practice Leader, AI, Analytics and Automation-IBM Consulting DACH, was quoted in the study. “But a Leader develops custom innovations.”

Over-reliance on AI?

As gen AI becomes more ubiquitous in the workplace and as more creative folks and leaders rely on it as a way to put their ideas in motion, are we also relying on the technology to the point that it could lead to a degradation of other important necessary skills, like the ability to analyze data and create viable solutions?

It is unclear if organizations are over-relying on gen AI, according to Stephen Kowski, Field CTO at SlashNext Email Security+, but it is becoming more of a designed feature due to unintended consequences related to resource allocation in organizations.

“While AI excels at processing massive volumes of threat data, real-world attacks constantly evolve beyond historical patterns, requiring human expertise to identify and respond to zero-day threats,” said Kowski in an email interview. “The key is achieving the right balance where AI handles high-volume routine detection while skilled analysts investigate novel attack patterns and determine strategic responses.”

Yet, Kris Bondi, CEO and Co-Founder of Mimoto, isn’t worried about AI leading to a degradation of skills — at least not for the foreseeable future.

“One of the biggest challenges for cybersecurity professionals is having too many alerts and too many false positives. AI is only able to automate a small percentage of responses. It’s more likely that AI will eventually automate additional requirements for someone deemed to be suspicious or the elevation of alert so that a human can analyze the situation,” Bondi said via email.

However, organizations should watch out for AI’s role in defining threat-hunting parameters. “If AI is the sole driver defining threat hunting parameters without spot-checks or audits, the threat intelligence approach could eventually be focused in the wrong area. The answer is more reliance on critical thinking and analytical skills,” said Bondi.

Embracing creativity in an AI-driven world

AI overall, and gen AI in particular, are going to be part of the business world going forward. It is going to play a vital role in how organizations and analysts approach cybersecurity defenses and mitigations. But the soft skills that creative thought depends on will still play an important and necessary role in cybersecurity.

“Rather than diminishing soft skills, AI integration has the opportunity to elevate the importance of communication, collaboration and strategic thinking, as security teams must effectively convey complex findings to stakeholders,” said Kowski. “The human elements of cybersecurity — leadership, adaptability and cross-functional partnership — become even more critical as AI handles the technical heavy lifting.”

The post Will AI threaten the role of human creativity in cyber threat detection? appeared first on Security Intelligence.

AI has made an impact everywhere else across the tech world, so it should surprise no one that the 2024 ISC2 Cybersecurity Workforce Study saw artificial intelligence (AI) jump into the top five list of security skills.

It’s not just the need for workers with security-related AI skills. The Workforce Study also takes a deep dive into how the 16,000 respondents think AI will impact cybersecurity and job roles overall, from changing skills approaches to creating generative AI (gen AI) strategies.

Budgets and the skills gap

According to the study, two-thirds of respondents think that their expertise in cybersecurity will augment AI technology; on the flip side, a third are concerned their jobs could be eliminated in an AI-focused world.

That, of course, is not going to happen immediately. Not even half the respondents have implemented gen AI into their tools. The more immediate concern for cybersecurity professionals is budgets.

“In 2024, 25% of respondents reported layoffs in their cybersecurity departments, a 3% rise from 2023, while 37% faced budget cuts, a 7% rise from 2023,” the report stated.

These budget cuts have impacted the skills gap, as two-thirds of the respondents said not only have the budget cuts led to current staffing shortages but they are expected to make closing the skills gap even more difficult in the next few years.

Many of the respondents pointed out that the skills gap has had a more negative effect on organizational security than the decrease in on-site staff. In part because the funding isn’t available for training and because those with skills in high demand are moving on to better-paying positions, many security teams struggle to address the threats and risks in today’s cybersecurity landscape.

Explore IBM SkillsBuild

The role of AI in the skills gap

Two years ago, AI wasn’t even considered a required skill set for cybersecurity jobs, but now it is a top five skill, said Jon France, CISO with ISC2.

“And we suspect that probably next year, it will be the number one in-demand skill set around security,” France said in a conversation at ISC2’s Security Congress in Las Vegas.

(If you’re wondering, the other skills in the top five are cloud, zero trust architecture, forensics, incident response and application security — all areas that have been at the top of the skills need list for a long time.)

AI’s role in cybersecurity is changing because of the exponential increase in data and the need to gather good intelligence on the data being generated.

“AI is one of the tools that can obviously consider large data sets very quickly,” said France. Still, human eyes are necessary to validate the results generated from AI models. This is where AI security skills will be most needed to advance the changes in how analysts and incident responders analyze data.

France also believes that AI will change the scope of entry-level security positions. “I think if you’re coming into the profession, and if you’ve got to pick up one thing to learn, you’ll get the most favorable opportunities if you have experience of using generative AI coding.”

Right now, however, there is a bit of a disconnect between the technical skills that hiring managers think are needed and what non-hiring managers want. Both types of managers list cloud computing security skills at the top of the list, but when asked about AI/ML skills, only 24% of hiring managers said it was a skill they want right now, ranking last on the skills-need list. When non-hiring managers are asked about the skills most in demand to advance careers, 37% said AI/ML, higher than every other listed skill but cloud security.

AI is reinventing cybersecurity skills

In its study AI in Cyber 2024, ISC2 found that 82% of respondents are optimistic that AI will improve work efficiency, and 88% thought it would impact their job role in some way. Relying more on AI in the cyber world has a lot of positive points, but there are also issues around the technology causing stress. Four in ten respondents said they aren’t prepared for the explosion of AI, according to the AI study, and 65% said their organization needs more regulations around the safe use of gen AI, according to the Workforce study.

But there are also a lot of question marks surrounding what skills will be needed. “While study participants speculated on what skills may be automated or streamlined, they cannot yet predict what activities, if any, AI will replace,” the study reported. Perhaps this is why hiring managers are showing some reluctance to hire cybersecurity professionals who have AI technical expertise.

With AI, many anticipate an uptick in the need for non-technical skills. Cybersecurity has been more open to finding potential professionals outside of the traditional technical areas and training them for their new roles, so it isn’t too surprising that, because hiring managers aren’t certain of the type of skills that will be required for using gen AI as a security tool (or for securing gen AI, for that matter), there is a greater willingness to default to non-tech skills that are seen as more transferable as the technology evolves. Overall, strong communication skills were listed as the most in-demand skill set across all of cybersecurity, followed closely by strong problem-solving skills and teamwork/collaboration skills.

The cyber workforce in the world of AI

Looking at the overall picture of how AI skills will fit into the cybersecurity workforce going forward, it is likely that the issues that hamper hiring today will have a similar impact on AI expertise. Budget cuts will decrease the workforce, as already mentioned. France pointed to the human resources gap as well, where entry-level positions are posted with requirements such as certifications that require five years of work experience.

“We also need to blow this myth: New entrance into the cybersecurity workforce doesn’t mean young. It can be a career change. In fact, career changes bring a lot of different viewpoints and experiences,” said France.

Hire for the skills the employee is bringing to the table, even if they aren’t what you need right now. “The rest,” said France, “can be taught.”

The post ISC2 Cybersecurity Workforce Study: Shortage of AI skilled workers appeared first on Security Intelligence.

Ask CISOs why they think there is a cyber skills shortage in their organization, what keeps them up at night or what the most important issue facing the industry is — at some point, even if not the first response, they will bring up budgets.

For example, at RSA Conference 2024, a roundtable discussion about issues facing the cybersecurity industry, one CISO stated bluntly that budgets — or lack thereof — are the biggest problem. At a time when everything is getting more expensive, the CISO said, security budgets are being slashed.

As for the cybersecurity talent shortage, the 2024 ISC2 Cybersecurity Workforce Study noted that “39% said a lack of budget was the top reason for cyber shortages, replacing a shortage of talent as the previous top reason for staff shortages.” According to Forrester’s 2024 Cybersecurity Benchmarks Global Report, the cybersecurity budget is just 5.7% of the entire IT budget, making it very difficult for CISOs to bring in the right personnel or upgrade tools and solutions.

However, it might not be the dollar amount that is the problem as much as where the budget is coming from. CEOs think about cybersecurity differently when it is tied to IT and when the CISO reports directly to the CIO versus when the CISO can present cybersecurity as a vital cog in overall business operations and tie it directly to business risk, the Forrester report found.

“CISOs who can articulate the business value of cybersecurity, demonstrating how it can drive revenue and support strategic goals, are more likely to secure the necessary funding. This shift also reflects a growing recognition of cybersecurity’s strategic importance beyond mere IT operations,” Louis Columbus wrote.

Key issues in cybersecurity funding

Once cybersecurity is approached as a key factor in business operations rather than as a function of IT, CEOs and CISOs are more likely to be on the same page when it comes to budget.

“Security funding and oversight is a top priority for both the management team and the Board of Directors,” said Dave Gerry, CEO of Bugcrowd.

“Cybersecurity investment uplift is prioritized against the cyber threats we face as a business; the IT risks that we have identified and need to remediate or the customer and compliance obligations that we need to ensure,” Gerry added. “Thematically, however, it all points back to ensuring that the confidentiality, integrity and availability of our data we reside over is protected — whether it’s that of customers, employees or critical business partners, whilst enabling our business in-turn.”

Risk prioritization and business continuity are two key areas that George Jones, CISO at Critical Start, focuses on. Along with emerging threats and vulnerability management, Jones says these four items are the pillars of security for the enterprise as they are aligned with overall business goals and objectives.

One of the drivers behind realigning cybersecurity investments is the Security and Exchange Commission’s (SEC) new rules around the disclosure of cybersecurity incidents. Organizations are now also required to share details about their cybersecurity risk management programs, particularly around any financial information.

“After recent SEC guidelines were announced, Boards are more focused than ever on cyber risk reduction and ensuring adequate funding is critical, especially as organization’s attack surfaces continue to rapidly expand,” said Gerry.

Explore AI cybersecurity solutions

Collaboration between CISOs and CEOs

While CISOs and CEOs (and, in many cases, in conjunction with the CFO) have to build an ongoing dialogue about cybersecurity investments, they are coming to the table with two different interests.

“The CEO lens will be focused on obtaining satisfaction that the security initiatives deliver value with tolerable impacts on productivity, but more importantly looking for the potential of competitive advantage,” said Gareth Lindahl-Wise, CISO at Ontinue. The CISO’s approach, on the other hand, focuses on risk prevention, mitigation and solutions to meet all of the organization’s legal, regulatory and contractual obligations.

The overall goal should be to create a security posture advantageous in gaining or retaining customers or attracting investment. Ultimately, said Lindahl-Wise, these decisions lie with the CEO and board.

“When it comes to funding and risk acceptance, CISO is, largely, an expert advisor — if an informed and conscious decision has been made by a CEO, then one should argue the CISO has discharged their responsibilities,” Lindahl-Wise added.

CEO Gerry, however, said the final decision on funding allocation is made by the Board of Directors, and it is up to both the CEO and the CISO to get their buy-in on where and what security investments should be made.

“This is a key reason that the CISO should report to the CEO and have direct access to the Board of Directors,” said Gerry. “While oftentimes security can be viewed as a cost center, the new reality is that a robust security program should be a competitive differentiator and a revenue enabler, in addition to simply being the cost of doing business in an ever-expanding threat environment.”

The Future is AI

CISOs have long understood the role AI plays in cybersecurity, particularly handling some of the most mundane tasks that free up time for overworked security teams to handle issues that require hands-on management. As generative AI becomes ubiquitous in the workplace, CEOs have become increasingly aware of AI’s impact on business and security risks. Some companies are turning to adding Chief AI Officers to their IT and security teams, but even when they aren’t CEOs still recognize the need to include AI in future security budgets.

“As threats become more sophisticated, leveraging AI tools enables us to enhance our threat detection, automate responses and improve incident management,” said Darren Guccione, CEO at Keeper Security. “Skilled professionals are needed to navigate the rapidly evolving threat landscape and ensure that our AI-driven strategies remain effective and secure and must be a budget consideration.”

How it is defined within the cybersecurity budget will depend on how it is used. Will it be a fringe use of AI in commercial tools for productivity gains or an embedded use of AI in the organization’s core offerings?

“If it is the latter, the CEO must satisfy themselves that the organization has the right experience to manage the opportunities and risks,” Lindahl-Wise said. As for the security side of things, “My hunch is we will see AI responsibilities feature heavily in CIO/CTO roles before standalone CAIOs become the norm.”

AI might be the most current technology and security disrupter, but it won’t be the last. Where it is similar is that it creates risk, both to the business and to cybersecurity, and risk is where CEOs and CISOs will focus on investments as a team.

The post CISO vs. CEO: Making a case for cybersecurity investments appeared first on Security Intelligence.

With 2025 on the horizon, it’s important to reflect on the developments and various setbacks that happened in cybersecurity this past year. While there have been many improvements in security technologies and growing awareness of emerging cybersecurity threats, 2024 was also a hard reminder that the ongoing fight against cyber criminals is far from over.

We’ve summarized this past year’s top five data breach stories and industry trends, with key takeaways from each that organizations should note going into the following year.

Billions of US citizens have private data exposed

On April 8, 2024, one of the largest personal data breaches took place, leading to nearly 3 billion US citizens having their information leaked on the dark web. Even more shocking was that all of this information came from only one source — National Public Data, a background check and fraud prevention service located in Coral Springs, Florida.

The stolen information collected contained names, social security numbers, home addresses and known relatives, and was listed on the dark web for sale for $3.5 million. Many of the victims were still unaware of the breach several months later, leading to several class action lawsuits filed by a dozen U.S. states. National Public Data has since then filed for bankruptcy.

Third-party breaches impact top 48 energy companies

A SecurityScorecard report revealed this year that 90% of the world’s top energy companies experienced data breaches that stemmed from third-party breaches. Many of these attacks were a direct result of increased reliance on cloud services and third-party integration to manage networked systems.

It was confirmed that out of the 264 individual breaches linked to third-party compromises, the MOVEit vulnerability was one of the major reasons for the issues. With critical infrastructure organizations playing a significant role in the health and well-being of citizens, these types of breaches continue to threaten public safety. The energy sector as a whole has since begun implementing stricter vendor assessments, continuous system and threat monitoring solutions and more secure data transfer protocols.

Read the Cost of a Data Breach Report

Financial firms face the highest data breach costs since the pandemic

According to the IBM Cost of a Data Breach 2024 report, the financial sector has seen a surge in data breach costs since the pandemic, reaching an average of $6.08 million per incident. While various attack types account for this increase, IT failures and simple human error account for a significant portion of the problem.

While certain improvements have been made in threat detection and containment timelines, many financial firms still have an uphill battle to climb. Larger-scale financial service breaches are now estimated to reach hundreds of millions of dollars in damages, leading many organizations to invest more in comprehensive identity and access management (IAM) solutions, AI-powered security solutions and dedicated incident response teams.

Average data breach cost increases 10% year-over-year

The global average cost of data breaches jumped 10% year-over-year between 2023 and 2024, with the latest figure reaching an alarming $4.88 million. The number represented by this average is driven by a number of factors, including lost business revenues, recovery costs and regulatory fines.

Complicating this ongoing trend, 40% of breaches recorded now involve data spread across multiple public and cloud environments and on-premises systems. These larger digital footprints average over $5 million in recovery costs with an average containment timeline of 283 days. Encouragingly, organizations that leverage AI-driven security workflows are experiencing a significantly lower average of $2.2 million per breach, pointing to a positive trend in next-generation security measures.

50% of data breaches tied to security staffing shortages

The cybersecurity skills gap widened over the last few years, with 50% of organizations experiencing data breaches reporting that they stemmed from staffing shortages. Skills shortages are specific to a wide range of critical areas, including cloud security and incident response, data analysis and compliance expertise. Another growing need for these impacted organizations is proficiency in security information and event management (SIEM) tools and active threat hunting.

In an ongoing effort to fill the key personnel gaps, it’s now recommended that organizations put a stronger focus on upskilling their existing workforce. Modern businesses can also leverage professional soft skills such as good communication and adaptability to help supplement and strengthen their security teams.

Moving into 2025

The past year has shown that while modern cybersecurity tools and solutions provide protection against a broader range of threats, very few industries and organizations are immune to cyber crime’s evolving nature.

As we move into 2025, enterprises should prioritize a proactive approach to cybersecurity planning. This includes optimizing their access restriction policies when operating with both in-house and remote teams, working to address any critical staffing shortages, and creating a stronger culture of security awareness within their organization.

The post 2024 roundup: Top data breach stories and industry trends appeared first on Security Intelligence.

December is a month of numbers, from holiday countdowns to RSVPs for parties. But for business leaders, the most important numbers this month are the budget numbers for 2025. With cybersecurity a top focus for many businesses in 2025, it is likely to be a top-line item on many budgets heading into the New Year.

Gartner expects that cybersecurity spending is expected to increase 15% in 2025, from $183.9 billion to $212 billion. Security services lead the way for the segment expecting the most spending growth, with security software coming in second and network security as the third area of growth.

“The continued heightened threat environment, cloud movement and talent crunch are pushing security to the top of the priorities list and pressing chief information security officers (CISOs) to increase their organization’s security spend,” said Shailendra Upadhyay, Senior Research Principal at Gartner in a recent press release. “Furthermore, organizations are currently assessing their endpoint protection platform (EPP) and endpoint detection and response (EDR) needs and making adjustments to boost their operational resilience and incident response following the CrowdStrike outage.”

Factors contributing to the increase in spending

While spending decisions and increases are likely due to many different reasons, Gartner points to two main reasons for the predicted increase.

• Generative AI: Garter said that because of organizations using Generative AI, they will need to take additional steps to secure their environment. The IBM Framework for Securing Generative AI lays out five steps: Securing the data, securing the model, securing the usage, securing AI model infrastructure and establishing sound AI governance. Many organizations will need to purchase additional software, such as application security, data security and privacy and infrastructure protection, due to the increased use of generative AI.
• The global skills shortage: Many organizations are facing a skills shortage where they do not have the in-house talent to manage their cybersecurity needs. As a solution, many are hiring help to reduce their risks, such as security consulting services, security professional services and managed security services. Gartner points to the costs of these services as a driving factor in high predicted spending, making services a high-growth area of cybersecurity.

Explore cybersecurity services

Creating your cybersecurity budget

Instead of simply making a single line item on your organization’s budget that encompasses cybersecurity, accurate budgeting starts with breaking out all of the components of an effective cybersecurity program.

Consider the following in your budget:

• Labor costs: Besides salaries for all full-time employees, consider any additional services you need to purchase. For example, outsourcing penetration testing falls into this line item. Additionally, consider if you need to hire managed services for any portion of your cybersecurity.
• Technology: Think about all types of software needed, which includes antivirus, encryption tools and firewalls. Consider if you will be using generative AI for cybersecurity as well as additional tools needed to protect the organization from attacks on generative AI tools used for daily business tasks. Be sure to also include hardware costs, such as any infrastructure upgrades needed to run any new technological tools, especially generative AI.
• Training: Many organizations only consider the budget for training and certifications for their cybersecurity staff. However, be sure to allocate funds for cybersecurity training for the entire organization. By thinking outside the box and setting aside sufficient funds, you can make a big impact in reducing cyberattacks caused by employee errors.
• Incident Response: After a breach or attack happens, organizations need funds to contain the breach and manage the response. Costs that often occur include legal fees, PR firms, overtime, data breach notification, identity theft protection and loss of revenue.

Budget can affect employee stress

While many organizations consider business disruption and potential risk when creating their cybersecurity budget, many overlook how the budget impacts the cybersecurity team.

The ISACA State of Cybersecurity 2024 and Beyond found that 66% of cybersecurity professionals stated their role is more stressful. Not surprisingly, the top reason (81%) stated was that the threat landscape is increasingly complex. However, the budget being too low (45%) tied for second with worsened hiring retention challenges and staff not being skilled/trained.

The report found that more than half (51%) felt that their budgets were underfunded, an increase from 47% sharing that sentiment in 2023. Additionally, only 37% expect that their budgets will increase in 2025. Adding to the stress, only 40% had a high confidence that their team was prepared to handle a cyberattack. While at the same time, 47% expect a cyberattack on their organizations.

Reducing employee stress while budgeting for 2025

As business leaders are working on budgets, here are some ways to reduce employee stress related to the 2025 budget.

• Include your hands-on cybersecurity team members in the budget discussions. When employees feel that their perspectives and ideas are heard, they are less likely to be resentful. Additionally, they can see first-hand the tradeoffs involved in budgeting as well as the impact of each decision on other line items. 
• Ask employees to share their current challenges. By starting with understanding their problems, you can then use these issues to drive the budget decisions. If team members jump to the technology solutions, steer them back to first discussing the problems.
• Have your cybersecurity team research and get estimates. Once you move to the solution portion of budgeting, ask cybersecurity team members to research tools and get estimates. Since they will be the ones using the tools on a daily basis, getting their buy-in on specific solutions can help increase satisfaction as well as improve the accuracy of the budget.
• Show team members the draft budget. Budgeting often means making hard decisions. By showing the team the draft budget and asking for their input, they feel heard and also can see the tradeoffs that are necessary as part of the budgeting process.

While the increase in cybersecurity spending is a positive trend overall, the most important thing is how companies use their higher investments. By making the right choices for your specific organization, you can reduce risk while also improving employee satisfaction.

The post Making smart cybersecurity spending decisions in 2025 appeared first on Security Intelligence.